This module converts Perl data structures to the Concise Binary Object Representation (CBOR) and vice versa. CBOR is a fast binary serialisation format that aims to use an (almost) superset of the JSON data model, i.e. when you can represent something useful in JSON, you should be able to represent it in CBOR.

In short, CBOR is a faster and quite compact binary alternative to JSON, with the added ability of supporting serialisation of Perl objects. (JSON often compresses better than CBOR though, so if you plan to compress the data later and speed is less important you might want to compare both formats first).

To give you a general idea about speed, with texts in the megabyte range, CBOR::XS usually encodes roughly twice as fast as Storable or JSON::XS and decodes about 15%-30% faster than those. The shorter the data, the worse Storable performs in comparison.

Regarding compactness, CBOR::XS-encoded data structures are usually about 20% smaller than the same data encoded as (compact) JSON or Storable.

In addition to the core CBOR data format, this module implements a number of extensions, to support cyclic and shared data structures (see allow_sharing and allow_cycles), string deduplication (see pack_strings) and scalar references (always enabled).

The primary goal of this module is to be correct and the secondary goal is to be fast. To reach the latter goal it was written in C.

See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and vice versa.

Sets the maximum nesting level (default 512) accepted while encoding or decoding. If a higher nesting level is detected in CBOR data or a Perl data structure, then the encoder and decoder will stop and croak at that point.

Nesting level is defined by number of hash- or arrayrefs that the encoder needs to traverse to reach a given point or the number of { or [ characters without their matching closing parenthesis crossed to reach a given character in a string.

Setting the maximum depth to one disallows any nesting, so that ensures that the object is only a single hash/object or array.

If no argument is given, the highest possible setting will be used, which is rarely useful.

Note that nesting is implemented by recursion in C. The default value has been chosen to be as large as typical operating systems allow without crashing.

Set the maximum length a CBOR string may have (in bytes) where decoding is being attempted. The default is 0, meaning no limit. When decode is called on a string that is longer then this many bytes, it will not attempt to decode the string but throw an exception. This setting has no effect on encode (yet).

If no argument is given, the limit check will be deactivated (same as when 0 is specified).

If $enable is true (or missing), then encode will not double-encode values that have been referenced before (e.g. when the same object, such as an array, is referenced multiple times), but instead will emit a reference to the earlier value.

This means that such values will only be encoded once, and will not result in a deep cloning of the value on decode, in decoders supporting the value sharing extension. This also makes it possible to encode cyclic data structures (which need allow_cycles to be enabled to be decoded by this module).

It is recommended to leave it off unless you know your communication partner supports the value sharing extensions to CBOR (http://cbor.schmorp.de/value-sharing), as without decoder support, the resulting data structure might be unusable.

Detecting shared values incurs a runtime overhead when values are encoded that have a reference counter large than one, and might unnecessarily increase the encoded size, as potentially shared values are encode as shareable whether or not they are actually shared.

At the moment, only targets of references can be shared (e.g. scalars, arrays or hashes pointed to by a reference). Weirder constructs, such as an array with multiple "copies" of the same string, which are hard but not impossible to create in Perl, are not supported (this is the same as with Storable).

If $enable is false (the default), then encode will encode shared data structures repeatedly, unsharing them in the process. Cyclic data structures cannot be encoded in this mode.

This option does not affect decode in any way - shared values and references will always be decoded properly if present.

If $enable is true (or missing), then decode will happily decode self-referential (cyclic) data structures. By default these will not be decoded, as they need manual cleanup to avoid memory leaks, so code that isn't prepared for this will not leak memory.

If $enable is false (the default), then decode will throw an error when it encounters a self-referential/cyclic data structure.

FUTURE DIRECTION: the motivation behind this option is to avoid real cycles - future versions of this module might chose to decode cyclic data structures using weak references when this option is off, instead of throwing an error.

This option does not affect encode in any way - shared values and references will always be encoded properly if present.

If $enable is true (or missing), then encode will will throw an exception when it encounters perl objects that would be encoded using the perl-object tag (26). When decode encounters such tags, it will fall back to the general filter/tagged logic as if this were an unknown tag (by default resulting in a CBOR::XC::Tagged object).

If $enable is false (the default), then encode will use the Types::Serialiser object serialisation protocol to serialise objects into perl-object tags, and decode will do the same to decode such tags.

If $enable is true (or missing), then encode will try not to encode the same string twice, but will instead encode a reference to the string instead. Depending on your data format, this can save a lot of space, but also results in a very large runtime overhead (expect encoding times to be 2-4 times as high as without).

It is recommended to leave it off unless you know your communications partner supports the stringref extension to CBOR (http://cbor.schmorp.de/stringref), as without decoder support, the resulting data structure might not be usable.

If $enable is false (the default), then encode will encode strings the standard CBOR way.

This option does not affect decode in any way - string references will always be decoded properly if present.

This option has similar advantages and disadvantages as text_keys. In addition, this option effectively removes the ability to encode byte strings, which might break some FREEZE and TO_CBOR methods that rely on this, such as bignum encoding, so this option is mainly useful for very simple data.

The concept of "valid UTF-8" used is perl's concept, which is a superset of the official UTF-8.

If $enable is false (the default), then decode will blindly accept UTF-8 data, marking them as valid UTF-8 in the resulting data structure regardless of whether that's true or not.

Perl isn't too happy about corrupted UTF-8 in strings, but should generally not crash or do similarly evil things. Extensions might be not so forgiving, so it's recommended to turn on this setting if you receive untrusted CBOR.

This option does not affect encode in any way - strings that are supposedly valid UTF-8 will simply be dumped into the resulting CBOR string without checking whether that is, in fact, true or not.

Sets or replaces the tagged value decoding filter (when $cb is specified) or clears the filter (if no argument or undef is provided).

The filter callback is called only during decoding, when a non-enforced tagged value has been decoded (see "TAG HANDLING AND EXTENSIONS" for a list of enforced tags). For specific tags, it's often better to provide a default converter using the %CBOR::XS::FILTER hash (see below).

The first argument is the numerical tag, the second is the (decoded) value that has been tagged.

The filter function should return either exactly one value, which will replace the tagged value in the decoded data structure, or no values, which will result in default handling, which currently means the decoder creates a CBOR::XS::Tagged object to hold the tag and the value.

When the filter is cleared (the default state), the default filter function, CBOR::XS::default_filter, is used. This function simply looks up the tag in the %CBOR::XS::FILTER hash. If an entry exists it must be a code reference that is called with tag and value, and is responsible for decoding the value. If no entry exists, it returns no values. CBOR::XS provides a number of default filter functions already, the the %CBOR::XS::FILTER hash can be freely extended with more.

CBOR::XS additionally provides an alternative filter function that is supposed to be safe to use with untrusted data (which the default filter might not), called CBOR::XS::safe_filter, which works the same as the default_filter but uses the %CBOR::XS::SAFE_FILTER variable instead. It is prepopulated with the tag decoding functions that are deemed safe (basically the same as %CBOR::XS::FILTER without all the bignum tags), and can be extended by user code as wlel, although, obviously, one should be very careful about adding decoding functions here, since the expectation is that they are safe to use on untrusted data, after all.

Example: decode all tags not handled internally into CBOR::XS::Tagged objects, with no other special handling (useful when working with potentially "unsafe" CBOR data).

CBOR::XS->new->filter (sub { })->decode ($cbor_data);

Example: provide a global filter for tag 1347375694, converting the value into some string form.

This works like the decode method, but instead of raising an exception when there is trailing garbage after the CBOR string, it will silently stop parsing there and return the number of characters consumed so far.

This is useful if your CBOR texts are not delimited by an outer protocol and you need to know where the first CBOR string ends amd the next one starts.

In some cases, there is the need for incremental parsing of JSON texts. While this module always has to keep both CBOR text and resulting Perl data structure in memory at one time, it does allow you to parse a CBOR stream incrementally, using a similar to using "decode_prefix" to see if a full CBOR object is available, but is much more efficient.

It basically works by parsing as much of a CBOR string as possible - if the CBOR data is not complete yet, the pasrer will remember where it was, to be able to restart when more data has been accumulated. Once enough data is available to either decode a complete CBOR value or raise an error, a real decode will be attempted.

A typical use case would be a network protocol that consists of sending and receiving CBOR-encoded messages. The solution that works with CBOR and about anything else is by prepending a length to every CBOR value, so the receiver knows how many octets to read. More compact (and slightly slower) would be to just send CBOR values back-to-back, as CBOR::XS knows where a CBOR value ends, and doesn't need an explicit length.

This method attempts to decode exactly one CBOR value from the beginning of the given $buffer. The value is removed from the $buffer on success. When $buffer doesn't contain a complete value yet, it returns nothing. Finally, when the $buffer doesn't start with something that could ever be a valid CBOR value, it raises an exception, just as decode would. In the latter case the decoder state is undefined and must be reset before being able to parse further.

This method modifies the $buffer in place. When no CBOR value can be decoded, the decoder stores the current string offset. On the next call, continues decoding at the place where it stopped before. For this to make sense, the $buffer must begin with the same octets as on previous unsuccessful calls.

You can call this method in scalar context, in which case it either returns a decoded value or undef. This makes it impossible to distinguish between CBOR null values (which decode to undef) and an unsuccessful decode, which is often acceptable.

This section describes how CBOR::XS maps Perl values to CBOR values and vice versa. These mappings are designed to "do the right thing" in most circumstances automatically, preserving round-tripping characteristics (what you put in comes out as something equivalent).

For the more enlightened: note that in the following descriptions, lowercase perl refers to the Perl interpreter, while uppercase Perl refers to the abstract Perl language itself.

UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be decoded into proper Unicode code points. At the moment, the validity of the UTF-8 octets will not be validated - corrupt input will result in corrupted Perl strings.

These CBOR values become Types:Serialiser::true, Types:Serialiser::false and Types::Serialiser::error, respectively. They are overloaded to act almost exactly like the numbers 1 and 0 (for true and false) or to throw an exception on access (for error). See the Types::Serialiser manpage for details.

Perl hash references become CBOR maps. As there is no inherent ordering in hash keys (or CBOR maps), they will usually be encoded in a pseudo-random order. This order can be different each time a hash is encoded.

Currently, tied hashes will use the indefinite-length format, while normal hashes will use the fixed-length format.

Other unblessed references will be represented using the indirection tag extension (tag value 22098, http://cbor.schmorp.de/indirection). CBOR decoders are guaranteed to be able to decode these values somehow, by either "doing the right thing", decoding into a generic tagged object, simply ignoring the tag, or something else.

Objects of this type must be arrays consisting of a single [tag, value] pair. The (numerical) tag will be encoded as a CBOR tag, the value will be encoded as appropriate for the value. You must use CBOR::XS::tag to create such objects.

Simple Perl scalars (any scalar that is not a reference) are the most difficult objects to encode: CBOR::XS will encode undefined scalars as CBOR null values, scalars that have last been used in a string context before encoding as CBOR strings, and anything else as number value:

Perl doesn't define what operations up- and downgrade strings, so if the difference between byte and text is important, you should up- or downgrade your string as late as possible before encoding. You can also force the use of CBOR text strings by using text_keys or text_strings.

You can force the type to be a CBOR number by numifying it:

my $x = "3"; # some variable containing a string
$x += 0; # numify it, ensuring it will be dumped as a number
$x *= 1; # same thing, the choice is yours.

You can not currently force the type in other, less obscure, ways. Tell me if you need this capability (but don't forget to explain why it's needed :).

Perl values that seem to be integers generally use the shortest possible representation. Floating-point values will use either the IEEE single format if possible without loss of precision, otherwise the IEEE double format will be used. Perls that use formats other than IEEE double to represent numerical values are supported, but might suffer loss of precision.

This module knows two way to serialise a Perl object: The CBOR-specific way, and the generic way.

Whenever the encoder encounters a Perl object that it cannot serialise directly (most of them), it will first look up the TO_CBOR method on it.

If it has a TO_CBOR method, it will call it with the object as only argument, and expects exactly one return value, which it will then substitute and encode it in the place of the object.

Otherwise, it will look up the FREEZE method. If it exists, it will call it with the object as first argument, and the constant string CBOR as the second argument, to distinguish it from other serialisers.

The FREEZE method can return any number of values (i.e. zero or more). These will be encoded as CBOR perl object, together with the classname.

These methods MUST NOT change the data structure that is being serialised. Failure to comply to this can result in memory corruption - and worse.

If an object supports neither TO_CBOR nor FREEZE, encoding will fail with an error.

When a My::Object is encoded to CBOR, it will instead encode a simple array with two members: a string, and the "object id". Decoding this CBOR string will yield a normal perl array reference in place of the object.

A more useful and practical example would be a serialisation method for the URI module. CBOR has a custom tag value for URIs, namely 32:

There is no way to distinguish CBOR from other formats programmatically. To make it easier to distinguish CBOR from other formats, the CBOR specification has a special "magic string" that can be prepended to any CBOR string without changing its meaning.

This string is available as $CBOR::XS::MAGIC. This module does not prepend this string to the CBOR data it generates, but it will ignore it if present, so users can prepend this string as a "file type" indicator as required.

CBOR has the concept of tagged values - any CBOR value can be tagged with a numeric 64 bit number, which are centrally administered.

CBOR::XS handles a few tags internally when en- or decoding. You can also create tags yourself by encoding CBOR::XS::Tagged objects, and the decoder will create CBOR::XS::Tagged objects itself when it hits an unknown tag.

These objects are simply blessed array references - the first member of the array being the numerical tag, the second being the value.

This function(!) creates a new CBOR::XS::Tagged object using the given $tag (0..2**64-1) to tag the given $value (which can be any Perl value that can be encoded in CBOR, including serialisable Perl objects and CBOR::XS::Tagged objects).

This section describes how this module handles specific tagged values and extensions. If a tag is not mentioned here and no additional filters are provided for it, then the default handling applies (creating a CBOR::XS::Tagged object on decoding, and only encoding the tag when explicitly requested).

Tags not handled specifically are currently converted into a CBOR::XS::Tagged object, which is simply a blessed array reference consisting of the numeric tag value followed by the (decoded) CBOR value.

Future versions of this module reserve the right to special case additional tags (such as base64url).

These tags are automatically decoded when encountered (and they do not result in a cyclic data structure, see allow_cycles), resulting in shared values in the decoded object. They are only encoded, however, when allow_sharing is enabled.

Not all shared values can be successfully decoded: values that reference themselves will currently decode as undef (this is not the same as a reference pointing to itself, which will be represented as a value that contains an indirect reference to itself - these will be decoded properly).

Note that considerably more shared value data structures can be decoded than will be encoded - currently, only values pointed to by references will be shared, others will not. While non-reference shared values can be generated in Perl with some effort, they were considered too unimportant to be supported in the encoder. The decoder, however, will decode these values as shared values.

These tags have default filters provided when decoding. Their handling can be overridden by changing the %CBOR::XS::FILTER entry for the tag, or by providing a custom filter callback when decoding.

When they result in decoding into a specific Perl class, the module usually provides a corresponding TO_CBOR method as well.

When any of these need to load additional modules that are not part of the perl core distribution (e.g. URI), it is (currently) up to the user to provide these modules. The decoding usually fails with an exception if the required module cannot be loaded.

The Time::Piece API is generally surprisingly bad, and fractional seconds are only accidentally kept intact, so watch out. On the plus side, the module comes with perl since 5.10, which has to count for something.

These tags are decoded into Math::BigRat objects. The corresponding Math::BigRat::TO_CBOR method encodes rational numbers with denominator 1 via their numerator only, i.e., they become normal integers or bignums.

CBOR is supposed to implement a superset of the JSON data model, and is, with some coercion, able to represent all JSON texts (something that other "binary JSON" formats such as BSON generally do not support).

CBOR implements some extra hints and support for JSON interoperability, and the spec offers further guidance for conversion between CBOR and JSON. None of this is currently implemented in CBOR, and the guidelines in the spec do not result in correct round-tripping of data. If JSON interoperability is improved in the future, then the goal will be to ensure that decoded JSON data will round-trip encoding and decoding to CBOR intact.

First and foremost, your CBOR decoder should be secure, that is, should not have any buffer overflows or similar bugs that could potentially be exploited. Obviously, this module should ensure that and I am trying hard on making that true, but you never know.

CBOR::XS supports object serialisation - decoding CBOR can cause calls to anyTHAW method in any package that exists in your process (that is, CBOR::XS will not try to load modules, but any existing THAW method or function can be called, so they all have to be secure).

Less obviously, it will also invoke TO_CBOR and FREEZE methods - even if all your THAW methods are secure, encoding data structures from untrusted sources can invoke those and trigger bugs in those.

So, if you are not sure about the security of all the modules you have loaded (you shouldn't), you should disable this part using forbid_objects.

CBOR can be extended with tags, and CBOR::XS has a registry of conversion functions for many existing tags that can be extended via third-party modules (see the filter method).

If you don't trust these, you should configure the "safe" filter function, CBOR::XS::safe_filter, which by default only includes conversion functions that are considered "safe" by the author (but again, they can be extended by third party modules).

Depending on your level of paranoia, you can use the "safe" filter:

$cbor->filter (\&CBOR::XS::safe_filter);

... your own filter...

$cbor->filter (sub { ... do your stuffs here ... });

... or even no filter at all, disabling all tag decoding:

$cbor->filter (sub { });

This is never a problem for encoding, as the tag mechanism only exists in CBOR texts.

You need to avoid resource-starving attacks. That means you should limit the size of CBOR data you accept, or make sure then when your resources run out, that's just fine (e.g. by using a separate process that can crash safely). The size of a CBOR string in octets is usually a good indication of the size of the resources required to decode it into a Perl structure. While CBOR::XS can check the size of the CBOR text (using max_size), it might be too late when you already have it in memory, so you might want to check the size before you accept the string.

As for encoding, it is possible to construct data structures that are relatively small but result in large CBOR texts (for example by having an array full of references to the same big data structure, which will all be deep-cloned during encoding by default). This is rarely an actual issue (and the worst case is still just running out of memory), but you can reduce this risk by using allow_sharing.

CBOR::XS recurses using the C stack when decoding objects and arrays. The C stack is a limited resource: for instance, on my amd64 machine with 8MB of stack size I can decode around 180k nested arrays but only 14k nested CBOR objects (due to perl itself recursing deeply on croak to free the temporary). If that is exceeded, the program crashes. To be conservative, the default nesting limit is set to 512. If your process has a smaller stack, you should adjust this setting accordingly with the max_depth method.

CBOR::XS will use the Math::BigInt, Math::BigFloat and Math::BigRat libraries to represent encode/decode bignums. These can be very slow (as in, centuries of CPU time) and can even crash your program (and are generally not very trustworthy). See the next section for details.

CBOR::XS might leak contents of your Perl data structures in its error messages, so when you serialise sensitive information you might want to make sure that exceptions thrown by CBOR::XS will not end up in front of untrusted eyes.

CBOR::XS provides a TO_CBOR method for both Math::BigInt and Math::BigFloat that tries to encode the number in the simplest possible way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag 4) or an arbitrary-exponent decimal fraction (tag 264). Rational numbers (Math::BigRat, tag 30) can also contain bignums as members.

CBOR::XS will also understand base-2 bigfloat or arbitrary-exponent bigfloats (tags 5 and 265), but it will never generate these on its own.

Using the built-in Math::BigInt::Calc support, encoding and decoding decimal fractions is generally fast. Decoding bigints can be slow for very big numbers (tens of thousands of digits, something that could potentially be caught by limiting the size of CBOR texts), and decoding bigfloats or arbitrary-exponent bigfloats can be extremely slow (minutes, decades) for large exponents (roughly 40 bit and longer).

Additionally, Math::BigInt can take advantage of other bignum libraries, such as Math::GMP, which cannot handle big floats with large exponents, and might simply abort or crash your program, due to their code quality.

This can be a concern if you want to parse untrusted CBOR. If it is, you might want to disable decoding of tag 2 (bigint) and 3 (negative bigint) types. You should also disable types 5 and 265, as these can be slow even without bigints.

Disabling bigints will also partially or fully disable types that rely on them, e.g. rational numbers that use bignums.

This section contains some random implementation notes. They do not describe guaranteed behaviour, but merely behaviour as-is implemented right now.

64 bit integers are only properly decoded when Perl was built with 64 bit support.

Strings and arrays are encoded with a definite length. Hashes as well, unless they are tied (or otherwise magical).

Only the double data type is supported for NV data types - when Perl uses long double to represent floating point values, they might not be encoded properly. Half precision types are accepted, but not encoded.

On perls that were built without 64 bit integer support (these are rare nowadays, even on 32 bit architectures, as all major Perl distributions are built with 64 bit integer support), support for any kind of 64 bit integer in CBOR is very limited - most likely, these 64 bit values will be truncated, corrupted, or otherwise not decoded correctly. This also includes string, array and map sizes that are stored as 64 bit integers.

This module is not guaranteed to be thread safe and there are no plans to change this until Perl gets thread support (as opposed to the horribly slow so-called "threads" which are simply slow and bloated process simulations - use fork, it's much faster, cheaper, better).